From 16527c8124f1c7d6b8f585bbc4440f66faea288a Mon Sep 17 00:00:00 2001 From: Simon Rozman Date: Wed, 17 Aug 2016 09:32:43 +0200 Subject: [PATCH] Client explicitly refuses to accept change cipher spec if no or NULL cipher was proposed now --- lib/TLS/src/Method.cpp | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/lib/TLS/src/Method.cpp b/lib/TLS/src/Method.cpp index fcfa35d..7074ca2 100644 --- a/lib/TLS/src/Method.cpp +++ b/lib/TLS/src/Method.cpp @@ -217,9 +217,9 @@ void eap::method_tls::begin_session( const config_method_tls *cfg_method = dynamic_cast(cfg_prov.m_methods.front().get()); assert(cfg_method); - // Restore previous session ID and master secret. We might get lucky. - m_session_id = cfg_method->m_session_id; - m_master_secret = cfg_method->m_master_secret; + //// Restore previous session ID and master secret. We might get lucky. + //m_session_id = cfg_method->m_session_id; + //m_master_secret = cfg_method->m_master_secret; } @@ -874,6 +874,9 @@ void eap::method_tls::process_change_cipher_spec(_In_bytecount_(msg_size) const m_module.log_event(&EAPMETHOD_TLS_CHANGE_CIPHER_SPEC, event_data((unsigned int)eap_type_tls), event_data::blank); + if (!m_state_server_pending.m_alg_encrypt) + throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Change cipher spec received without cipher being negotiated first."); + static const unsigned char s_label[] = "key expansion"; sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1); seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1)); @@ -910,6 +913,7 @@ void eap::method_tls::process_change_cipher_spec(_In_bytecount_(msg_size) const // Accept server pending state as current server state. m_state_server = std::move(m_state_server_pending); + m_state_server_pending.m_alg_encrypt = 0; // Explicitly invalidate server pending state. (To mark that server must re-negotiate cipher.) }